Unrestricted File Upload Remote Code Execution Vulnerability in Admin Console (CVE-2018-1342/ZDI-CAN-5088)

  • 7022444
  • 08-Dec-2017
  • 12-Mar-2018

Environment


Access Manager 4.3
Access Manager 4.4
Administration Console
CVE-2018-1342
ZDI-CAN-5088

Situation

A vulnerability exists in the Admin Console that allows an attacker to upload files to the Admin Console server (CVE-2018-1342).

Resolution

Fixed in 4.3.3 and 4.4.0 hf1.

Thanks to Ariele Caltabiano (kimiya) and rgod for identifying the issue and working with Trend Micro's Zero Day Initiative.

Status

Security Alert